firewall disabled by a virus

[maurizio.tappi@gmail.com]

Hi you all,

I've a problem with my windows XP SP2 Home edition installed on a
Toshiba satellite S2450-401. The problem is that the windows firewall
get disabled by itself and when I try to activate it by the control
panel it remains deactivated!
Moreover there is a lot of cpu work (I can hear the fan going very
fast) with one of the prcesses svchost.exe that I can see in task
manager.
I attach a log by hijackthis where the file jhapri.dll seems to me
very malicious...

Can anybody help me?
Thanks in advance,

Maurizio

Logfile of HijackThis v1.99.1
Scan saved at 15.44.08, on 20/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\flexlm\lmgrd.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\flexlm\SW_D.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmi\TOSHIBA\TME3\Tmesbs32.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Programmi\Analog Devices\SoundMAX\PmProxy.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Programmi\TOSHIBA\TME3\TMESBS32.EXE
C:\Programmi\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Programmi\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\TOSHIBA\TouchED\TouchED.Exe
C:\Programmi\ClamWin\bin\ClamTray.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Microsoft ActiveSync\wcescomm.exe
C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Programmi\OpenOffice.org 2.0\program\soffice.exe
C:\Programmi\OpenOffice.org 2.0\program\soffice.BIN
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Rising\Rav\CCenter.exe
C:\Programmi\Rising\Rav\RavTask.exe
C:\Programmi\Rising\Rav\Ravmond.exe
C:\Programmi\Rising\Rav\RavMon.exe
C:\Programmi\Rising\Rav\RavStub.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Maurizio\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
= http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName
= Collegamenti
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:
\WINDOWS\system32\secpol.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-
B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX
\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:
\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon
initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [PmProxy] C:\Programmi\Analog Devices\SoundMAX
\PmProxy.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Programmi\TOSHIBA\TME3\TMESBS32.EXE /
Client
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 28
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Programmi\TOSHIBA\Wireless Hotkey
\TosHKCW.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TouchED] C:\Programmi\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --
logon
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia
\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java
\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [RavTask] "C:\Programmi\Rising\Rav\RavTask.exe" -
system
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite
6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /
background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft
ActiveSync\wcescomm.exe"
O4 - Startup: mauri.bgi
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programmi\OpenOffice.org
2.0\program\quickstart.exe
O4 - Global Startup: dbw30daysevaluation.exe.lnk = C:\Documents and
Settings\Gianluca\Desktop\dbw30daysevaluation.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
- C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-
AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite -
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:
\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}
- C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferito portatile... -
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:
\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583}
- %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-
d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic
\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}
- C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-
BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl
Class) - http://components.metastream.com/MTSInstallers/MetaStream3.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:
\Programmi\Skype\toolbars\Shared\Skype4ComAPI.dll
O20 - AppInit_DLLs: jhapri.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel
32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA
Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Rising Process Communication Center (RsCCenter) -
Beijing Rising Technology Co., Ltd. - C:\Programmi\Rising\Rav
\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology
Co., Ltd. - C:\Programmi\Rising\Rav\Ravmond.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite
\Services\ServiceLayer.exe
O23 - Service: SolidWorks SolidNetWork License Manager - Macrovision
Corporation - C:\flexlm\lmgrd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service
(default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices
\SoundMAX\SMAgent.exe
O23 - Service: Tmesbs32 (Tmesbs) - TOSHIBA Corporation - C:\Programmi
\TOSHIBA\TME3\Tmesbs32.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS
\system32\UStorSrv.exe

 

[Malke]

maurizio.tappi@gmail.com wrote:
> Hi you all,
>
> I've a problem with my windows XP SP2 Home edition installed on a
> Toshiba satellite S2450-401. The problem is that the windows firewall
> get disabled by itself and when I try to activate it by the control
> panel it remains deactivated!
> Moreover there is a lot of cpu work (I can hear the fan going very
> fast) with one of the prcesses svchost.exe that I can see in task
> manager.
> I attach a log by hijackthis where the file jhapri.dll seems to me
> very malicious...

(snip HJT log)

Please don't post HijackThis logs here in the MS newsgroups. HJT logs
take a great deal of time and expertise to analyze correctly and you
will not get the attention you need here. Instead, post to one of the
specialty forums listed below.

You indeed do have a worm. Here are general malware removal steps:

Go through these general malware removal steps systematically -
http://www.elephantboycomputers.com/page2.html#Removing_Malware

Include scanning with David Lipman's Multi_AV and follow instructions to
do all scans in Safe Mode.

http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions
http://pcdid.com/Multi_AV.htm - download

When all else fails, run HijackThis and post your log in one of the
specialty forums listed at the link above (not here, please).

Not all tools used will work in Vista and you will need to run them
elevated. Since Vista is so new, it will be a while before removal
techniques and tools are developed. If you are unable to remove the
infection by following the general steps, register at one of the
HijackThis forums as suggested.

Standard caveat: If the procedures look too complex - and there is no
shame in admitting this isn't your cup of tea - take the machine to a
professional computer repair shop (not your local version of
BigComputerStore/GeekSquad). Please be aware that not all local shops
are skilled at removing malware and even if they are, your computer may
be so infested that Windows will need to be clean-installed. Have all
your data backed up before you take the machine into a shop.

http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Merijn
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42 -
another tutorial
http://aumha.net/ - Click on the HijackThis forum. Read the announcement
and the stickies *first*.
http://www.atribune.org/forums/index.php?showforum=9
http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html


Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User

 

[Milo (MSPSS)]

Add to such what malke indicated of a worm in your system, I dont see any
Stand alone Security Application software in your system ( anti-virus or
anti-spyware ), as option after proceeding with the previous recommendation.

1. http://safety.live.com ( online scanner )
2. http://www.microsoft.com/defender ( download and install )
3. http://www.ewido.net/en ( AVG optional trial version 3rd party
Anti-spyware )
4. Should everything fail you can proceed with Microsoft Security ( Free
Support ) .
- for this option prompt us of the outcome

Thanks,

--
Milo
MSPSS


"maurizio.tappi@gmail.com" wrote:

> Hi you all,
>
> I've a problem with my windows XP SP2 Home edition installed on a
> Toshiba satellite S2450-401. The problem is that the windows firewall
> get disabled by itself and when I try to activate it by the control
> panel it remains deactivated!
> Moreover there is a lot of cpu work (I can hear the fan going very
> fast) with one of the prcesses svchost.exe that I can see in task
> manager.
> I attach a log by hijackthis where the file jhapri.dll seems to me
> very malicious...
>
> Can anybody help me?
> Thanks in advance,
>
> Maurizio
>
> Logfile of HijackThis v1.99.1
> Scan saved at 15.44.08, on 20/07/2007
> Platform: Windows XP SP2 (WinNT 5.01.2600)
> MSIE: Internet Explorer v7.00 (7.00.6000.16473)
>
> Running processes:
> C:\WINDOWS\System32\smss.exe
> C:\WINDOWS\system32\csrss.exe
> C:\WINDOWS\system32\winlogon.exe
> C:\WINDOWS\system32\services.exe
> C:\WINDOWS\system32\lsass.exe
> C:\WINDOWS\system32\svchost.exe
> C:\WINDOWS\system32\svchost.exe
> C:\WINDOWS\System32\svchost.exe
> C:\WINDOWS\System32\svchost.exe
> C:\WINDOWS\System32\svchost.exe
> C:\WINDOWS\system32\spoolsv.exe
> C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
> C:\WINDOWS\System32\nvsvc32.exe
> C:\flexlm\lmgrd.exe
> C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
> C:\flexlm\SW_D.EXE
> C:\WINDOWS\System32\svchost.exe
> C:\Programmi\TOSHIBA\TME3\Tmesbs32.exe
> C:\WINDOWS\system32\UStorSrv.exe
> C:\WINDOWS\Explorer.EXE
> C:\WINDOWS\System32\alg.exe
> C:\Programmi\Analog Devices\SoundMAX\PmProxy.exe
> C:\WINDOWS\System32\00THotkey.exe
> C:\WINDOWS\system32\TPWRTRAY.EXE
> C:\Programmi\TOSHIBA\TME3\TMESBS32.EXE
> C:\Programmi\TOSHIBA\TOSHIBA Controls\TFncKy.exe
> C:\WINDOWS\system32\TFNF5.exe
> C:\Programmi\TOSHIBA\Wireless Hotkey\TosHKCW.exe
> C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
> C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
> C:\Programmi\TOSHIBA\TouchED\TouchED.Exe
> C:\Programmi\ClamWin\bin\ClamTray.exe
> C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
> C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
> C:\Programmi\QuickTime\qttask.exe
> C:\WINDOWS\system32\ctfmon.exe
> C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
> C:\Programmi\Messenger\msmsgs.exe
> C:\Programmi\Microsoft ActiveSync\wcescomm.exe
> C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
> C:\PROGRA~1\MICROS~4\rapimgr.exe
> C:\Programmi\OpenOffice.org 2.0\program\soffice.exe
> C:\Programmi\OpenOffice.org 2.0\program\soffice.BIN
> C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
> C:\WINDOWS\System32\svchost.exe
> C:\WINDOWS\system32\wscntfy.exe
> C:\Programmi\Rising\Rav\CCenter.exe
> C:\Programmi\Rising\Rav\RavTask.exe
> C:\Programmi\Rising\Rav\Ravmond.exe
> C:\Programmi\Rising\Rav\RavMon.exe
> C:\Programmi\Rising\Rav\RavStub.exe
> C:\Programmi\Internet Explorer\iexplore.exe
> C:\Documents and Settings\Maurizio\Desktop\HijackThis.exe
>
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
> http://go.microsoft.com/fwlink/?LinkId=69157
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
> = http://go.microsoft.com/fwlink/?LinkId=54896
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
> http://go.microsoft.com/fwlink/?LinkId=54896
> R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
> http://go.microsoft.com/fwlink/?LinkId=69157
> R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
> Settings,ProxyOverride = 127.0.0.1
> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName
> = Collegamenti
> F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:
> \WINDOWS\system32\secpol.exe,
> O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-
> B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX
> \AcroIEHelper.dll
> O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:
> \Programmi\Java\jre1.5.0_06\bin\ssv.dll
> O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon
> initialize
> O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
> O4 - HKLM\..\Run: [PmProxy] C:\Programmi\Analog Devices\SoundMAX
> \PmProxy.exe
> O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
> O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
> O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
> O4 - HKLM\..\Run: [TMESBS.EXE] C:\Programmi\TOSHIBA\TME3\TMESBS32.EXE /
> Client
> O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 28
> O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
> O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Programmi\TOSHIBA\Wireless Hotkey
> \TosHKCW.exe"
> O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
> O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
> O4 - HKLM\..\Run: [TouchED] C:\Programmi\TOSHIBA\TouchED\TouchED.Exe
> O4 - HKLM\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --
> logon
> O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia
> \NOKIAP~1\LAUNCH~1.EXE -startup
> O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java
> \jre1.5.0_06\bin\jusched.exe
> O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe"
> -atboottime
> O4 - HKLM\..\Run: [RavTask] "C:\Programmi\Rising\Rav\RavTask.exe" -
> system
> O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
> O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite
> 6\PcSync2.exe /NoDialog
> O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /
> background
> O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft
> ActiveSync\wcescomm.exe"
> O4 - Startup: mauri.bgi
> O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programmi\OpenOffice.org
> 2.0\program\quickstart.exe
> O4 - Global Startup: dbw30daysevaluation.exe.lnk = C:\Documents and
> Settings\Gianluca\Desktop\dbw30daysevaluation.exe
> O8 - Extra context menu item: E&sporta in Microsoft Excel -
> res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
> O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
> - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
> O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-
> AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
> O9 - Extra button: Create Mobile Favorite -
> {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:
> \PROGRA~1\MICROS~4\INetRepl.dll
> O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}
> - C:\PROGRA~1\MICROS~4\INetRepl.dll
> O9 - Extra 'Tools' menuitem: Crea preferito portatile... -
> {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:
> \PROGRA~1\MICROS~4\INetRepl.dll
> O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
> C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
> O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583}
> - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
> O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-
> d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic
> \xpnetdiag.exe (file missing)
> O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}
> - C:\Programmi\Messenger\msmsgs.exe
> O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-
> BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
> O11 - Options group: [INTERNATIONAL] International*
> O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl
> Class) - http://components.metastream.com/MTSInstallers/MetaStream3.cab
> O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:
> \Programmi\Skype\toolbars\Shared\Skype4ComAPI.dll
> O20 - AppInit_DLLs: jhapri.dll
> O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
> O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
> Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel
> 32\IDriverT.exe
> O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA
> Corporation - C:\WINDOWS\System32\nvsvc32.exe
> O23 - Service: Rising Process Communication Center (RsCCenter) -
> Beijing Rising Technology Co., Ltd. - C:\Programmi\Rising\Rav
> \CCenter.exe
> O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology
> Co., Ltd. - C:\Programmi\Rising\Rav\Ravmond.exe
> O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite
> \Services\ServiceLayer.exe
> O23 - Service: SolidWorks SolidNetWork License Manager - Macrovision
> Corporation - C:\flexlm\lmgrd.exe
> O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service
> (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices
> \SoundMAX\SMAgent.exe
> O23 - Service: Tmesbs32 (Tmesbs) - TOSHIBA Corporation - C:\Programmi
> \TOSHIBA\TME3\Tmesbs32.exe
> O23 - Service: UStorage Server Service - OTi - C:\WINDOWS
> \system32\UStorSrv.exe
>
>